From 7bf5a4b12101ad78c9e908e5cbcb4f7c9dd317f6 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 26 Apr 2024 15:51:49 +0200
Subject: Update old CVE-2016-7036 and associate it with python-jose

---
 data/CVE/list | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list b/data/CVE/list
index c122fd0d41..02538b4ebf 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -499122,7 +499122,8 @@ CVE-2016-7038 (In Moodle 2.x and 3.x, web service tokens are not invalidated whe
 CVE-2016-7037 (The verify function in Encryption/Symmetric.php in Malcolm Fell jwt be ...)
 	NOT-FOR-US: Malcolm Fell jwt
 CVE-2016-7036 (python-jose before 1.3.2 allows attackers to have unspecified impact b ...)
-	NOT-FOR-US: Python jose
+	- python-jose <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://github.com/mpdavis/python-jose/commit/89b46353b9f611e9da38de3d2fedf52331167b93 (1.3.2)
 CVE-2016-7035 (An authorization flaw was found in Pacemaker before 1.1.16, where it d ...)
 	- pacemaker 1.1.15-3 (bug #843041)
 	[wheezy] - pacemaker <not-affected> (Vulnerable code introduced later)
-- 
cgit v1.2.3